An anonymous reader writes: Malware planted on the servers of Freedom Hosting—the "hidden service" hosting provider on the Tor anonymized network brought down late last week—may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA).

This revelation comes from analysis done collaboratively by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud. When the IP address was uncovered in the JavaScript exploit—which specifically targets Firefox Long-Term Support version 17, the version included in Tor Browser Bundle—a source at Baneki told Ars that he and others reached out to the malware and security community to help identify the source.

This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.